The Internet of Things is looking like the next big wave in technology, with hundreds of smart devices, from speakers to lightbulbs, getting automated through your cell phone or through “virtual assistants,” such as Alexa. This type of automation is convenient and often energy-efficient, but it comes with one big downside: many smart devices are easily hackable.
That was the case for Axis, a security systems manufacturer, who confirmed that all its products were affected by the so-called “Devil’s Ivy” bug, which was found in the open source software library gSOAP. When testing the bug on an Axis security camera, hackers were able to attain control of the camera. Obviously, this does not an effective security system make.
But it’s not just Axis. Smart devices in general do not guard very stringently against hackers. Savvy smart device owners have even taken to hacking their own devices, customizing them to their needs and posting the code online. It’s a neat trick, but it points to how easy and risk-free it can be for hackers to seize control of some of these devices.
This can pose huge consequences. Modern cars come full of smart devices, from hands-free phones to built-in GPSs. The FBI, the U.S. Department of Transportation, and the National Highway Traffic and Safety Administration have teamed up to test the vulnerability of these devices. In an experiment, white hat hackers successfully hijacked a Jeep Cherokee. They were able to turn the car’s steering wheel and apply its brakes remotely.
Still, most smart devices aren’t so high-stakes. If your only smart products are appliances hooked up to your network for convenience, it can be difficult to see what the big deal is. We live in a world where your coffee machine or your thermostat could theoretically get hacked, but who would want to hack a thermostat or a coffee machine? What could such a security breach do?
Surprisingly, a lot. The biggest concern with smart devices is not that hackers might gain access to those devices, it’s that they can access the controlling network through the devices. If you’re running your smart devices through your phone, for example, someone could access your phone by hacking one of the devices.
What can be done to address these vulnerabilities? One solution would be to implement standard update procedures for Internet of Things devices. Unlike your phone or your computer, these devices do not update themselves when bugs are found.
In the meantime, the Department of Homeland Security and the National Institute of Standards and Technology have been recommending how companies and people should deal with Internet of Things security. If you have any smart devices, be sure to check their suggestions.